Windows 10 zero-day security hole gets publicly outed

A zero-day vulnerability in Windows 10 has just been made public, and it’s a hole that could potentially be exploited to take control of your PC.

The security flaw was revealed by Twitter user SandboxEscaper in controversial fashion – more on that later – and it’s a privilege escalation bug (with a proof of concept provided).

CERT/CC (the US cybersecurity organization which looks to counter emerging threats) has confirmed that this vulnerability can be leveraged against a 64-bit Windows 10 PC which has been fully patched up to date, as The Register reports.

It offers a route to gain local privilege escalation, as mentioned, meaning a malicious party could hijack the PC, but the good news – such as it is – is that it’s a local bug, so the attacker would have to be already logged into the PC to exploit it, or be running code on the machine.

However, the latter means there’s the potential avenue of getting a user to download a malicious app, and infecting the PC that way, of course. So this isn’t something that should fly under your radar – as ever, be careful what you download, and where you download it from.

Colorful revelation

SandboxEscaper revealed the bug using, shall we say, colorful language, so we won’t reproduce the tweet here, but assuming you’re not offended by profanity, you can check it out.

Suffice it to say it seems that someone got frustrated with Microsoft’s procedures for submitting bugs and vulnerabilities, and decided just to go ahead and publicly out the vulnerability instead. SandboxEscaper now seems to regret her actions, though, as she subsequently tweeted: “I screwed up, not MSFT (they are actually a cool company). Depression sucks.”

For its part, Microsoft has declared that it will “proactively update impacted devices as soon as possible”, so a patch is doubtless in the works, although the software giant hasn’t deemed it necessary to release any kind of emergency fix for this issue. We can probably expect the cure for the flaw to arrive in next month’s round of security updates.

Meanwhile, in other security-related news, last week Microsoft deployed a fresh batch of Intel’s microcode updates for Windows 10 which defend against the recently discovered Foreshadow vulnerability (and further variants of Spectre).

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).
