Zero-day vulnerability in Windows

Privilege escalation
CVE-2018-8440

A privilege escalation vulnerability was first publicly disclosed on Twitter on August 27, 2018. It was successful incorporated into malware used by the PowerPool group, reported by ESET.
The vulnerability was dubbed SendboxEscaper by its author.

Vulnerability details

Advisory: SB2018082901 - Privilege escalation in Microsoft Windows

Vulnerable component: Windows

CVE-ID: CVE-2018-8440

CVSSv3 score: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description:

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to ALPC access control flaw. A local attacker can create a hard link from a readable file on the system to a '.job' file in the 'c:\windows\tasks' directory, invoke the _SchRpcSetSecurity() method of the task scheduler service ALPC endpoint to overwrite the linked file and gain system level privileges on the target system. The vulnerability was dubbed "SendboxEscaper".

Note: the vulnerability is being exploited in the wild by the PowerPool group.

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.