Windows 10 Zero-Day Vulnerability Exploit Code Released

On May 22, security researcher “SandboxEscaper” released PoC code on GitHub to exploit a Windows 10 zero-day vulnerability. The flaw, present in the Windows Task Scheduler process, is a local privilege escalation vulnerability that threat actors could use to elevate their privileges to admin after gaining initial access into a network. The zero-day exploit can be used against Windows 10 machines; however, researchers believe it can work on all Windows versions with some adjustments. The NJCCIC recommends Windows users keep all systems up-to-date and apply any patches if/when they become available. More information can be found in the ZDNet article.