ALPC tweet

A security researcher has published on Twitter details about a vulnerability in the Windows OS.

The vulnerability is a "local privilege escalation" issue that allows an attacker to elevate the access of malicious code from a limited USER role to an all-access SYSTEM account.

Will Dormann, an engineer of CERT/CC, has confirmed the vulnerability and has issued an official CERT/CC alert last night.

Dormann says the vulnerability resides in the Windows Task Scheduler, and more precisely in the Advanced Local Procedure Call (ALPC) interface.

The ALPC interface is a Windows-internal mechanism that works as an inter-process communication system. ALPC enables a client process running within the OS to ask a server process running within the same OS to provide some information or perform some action.

The researcher, who goes online by the name of SandboxEscaper, has released proof-of-concept (PoC) code on GitHub for exploiting the ALPC interface to gain SYSTEM access on a Windows system.

Malware authors will particularly be interested in this PoC, as it allows benign malware to gain admin access on targeted systems using an exploit more reliable than many existing methods.

SandboxEscaper has not notified Microsoft about the vulnerability, meaning there is no patch for this flaw. Currently, all Windows 64-bit users are vulnerable.

Microsoft's next security updates are scheduled for September 11, the date of the company's next Patch Tuesday.

Related Articles:

Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks

0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative

New Microsoft Edge Browser Zero-Day RCE Exploit in the Works

jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew

New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs