Local Privilege Escalation Vulnerability in Windows 10
A security researcher, who goes by “SandboxEscape,” published online the details of a local privilege escalation vulnerability in the Windows 10 operating system. The flaw exists in the Windows task scheduler Advanced Local Procedure Call (ALPC) interface and can be exploited by a local user to obtain elevated SYSTEM privileges. Proof-of-concept exploit code is available online. On August 30, cybersecurity firm Acros Security released a temporary patch to address the vulnerability for users of 64-bit Windows 10 version 803 and plan to release a fix for Windows Server 2016 on August 31. The NJCCIC recommends Windows 10 users and administrators review the CERT/CC Vulnerability Note for more information and apply the temporary fix and patch when it becomes available.