
Rewterz Threat Advisory – Zero Day Flaw Exploit Unpatched for Windows 10

May 22, 2019

Severity

High

Analysis Summary

A hacker who goes by the handle “SandboxEscaper” and specializes in sandbox escapes and local privilege escalation exploits has released another zero-day exploit for all versions of Windows 10, which would allow an attacker full control over the affected server or computer.

This latest one works by abusing Windows’ schtasks tool, designed to run programs at scheduled times, along with quirks in the operating system.

The vulnerability resides in Task Scheduler, a utility that enables Windows users to schedule the launch of programs or scripts at a predefined time or after specified time intervals.

SandboxEscaper’s exploit code makes use of SchRpcRegisterTask, a method in Task Scheduler to register tasks with the server, which doesn’t properly check for permissions and can, therefore, be used to set an arbitrary DACL (discretionary access control list) permission.

“This will result in a call to the following RPC ‘_SchRpcRegisterTask,’ which is exposed by the task scheduler service,” SandboxEscaper said.

A malicious program or a low-privileged attacker can run a malformed .job file to obtain SYSTEM privileges, eventually allowing the attacker to gain full access to the targeted system.

The exploit code imports a legacy job file into the Windows Task Scheduler using schtasks, creating a new task, and then deletes that new task’s file from the Windows folder. Next, it creates a hard filesystem link pointing from where the new task’s file was created to pci.sys, one of Windows’ kernel-level driver files, and then runs the same schtasks command again. This clobbers pci.sys’s access permissions so that it can be modified and overwritten by the user, thus opening the door to privileged code execution.

SandboxEscaper claims to have more zero-days up her sleeve aside from this latest vulnerability: “I have four more unpatched bugs where that one came from. Three LPEs [local privilege escalations], all gaining code exec as system.”

Impact

  • System access
  • Privilege access

Affected Vendors

Microsoft

Affected Products

Windows 10

Remediation

Currently there are no patches or updates available for the product.

It is recommended to closely monitor SandboxEscaper’s activities, as they are responsible for publicly revealing zero-days.
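Because no patch was available at the time of writing, defenders are left with monitoring for the two side effects the analysis above describes: a job file in a Tasks folder that is a hard link to a file elsewhere on the volume, and a kernel driver whose DACL now grants write rights to low-privileged principals. The following host audit is an added example written for this advisory, not code from Rewterz or from the exploit author; it assumes an NTFS volume, `fsutil.exe` on the PATH, the default Windows 10 folder layout, and an elevated session so every task file and driver can be read. The list of low-privileged principals is an assumption and should be extended to match the environment.

```powershell
# Added defensive audit (not from the advisory). Read-only: it inspects
# ACLs and hard links and changes nothing on the host.
# Assumptions: NTFS, fsutil.exe on PATH, default Windows 10 paths, run elevated.

$TaskDirs   = 'C:\Windows\Tasks', 'C:\Windows\System32\Tasks'
$DriverFile = 'C:\Windows\System32\drivers\pci.sys'   # driver named in the advisory

# Principals that should never hold write rights on a kernel driver (assumed list).
$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights on a driver file lets a user alter or replace it.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership, FullControl'

function Test-DriverDacl {
    # Emits one record per Allow ACE that grants write-class rights to a low-privileged principal.
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return }
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        $grantsWrite = ($ace.FileSystemRights -band $WriteRights) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and
            $LowPrivPrincipals -contains $ace.IdentityReference.Value) {
            [pscustomobject]@{
                Finding   = 'Weakened driver DACL'
                File      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

function Find-TaskHardLinks {
    # Emits one record per task file that has a second hard-link path outside a Tasks folder.
    param([string[]]$Dirs)
    foreach ($dir in $Dirs) {
        if (-not (Test-Path -Path $dir)) { continue }
        Get-ChildItem -Path $dir -File -Recurse -Force | ForEach-Object {
            # fsutil prints every path of the file relative to the volume root;
            # a legitimate task file has exactly one, under a Tasks folder.
            $links    = & fsutil.exe hardlink list $_.FullName 2>$null
            $external = $links | Where-Object { $_ -and ($_ -notlike '*\Tasks\*') }
            if ($external) {
                [pscustomobject]@{
                    Finding   = 'Task file hard-linked outside Tasks'
                    File      = $_.FullName
                    Principal = ''
                    Rights    = ($external -join '; ')
                }
            }
        }
    }
}

$findings = @(Test-DriverDacl -Path $DriverFile) + @(Find-TaskHardLinks -Dirs $TaskDirs)
if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No weakened driver DACL or cross-folder task hard links found.'
}
```

Running the script on a clean host prints the "No weakened driver DACL" line; a hit in either function is a strong indicator that the sequence described in the analysis has already been carried out and that the host should be treated as compromised at SYSTEM level rather than simply repaired.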

COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.