1. Home
  2. Forums Index
  3. WebmasterWorld / Microsoft Windows OS 11:57 pm May 20, 2026

Forum Moderators: open

Message Too Old, No Replies

Microsoft Windows New Zero-Day Vulnerability Disclosed

         

engine

5:02 pm on Aug 29, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



There's a new zero-day vulnerability proof of concept exposed earlier this week for Windows, which has been confirmed by CERT/CC.
Microsoft is aware of the flaw, and, as yet, there are no known workarounds of patches.
The next Patch Tuesday is expected on September 11, 2018, unless an out-of-schedule patch is issued.

The Windows vulnerability is described as a local privilege escalation security flaw in the Microsoft Windows task scheduler caused by errors in the handling of Advanced Local Procedure Call (ALPC) systems.

If exploited, the zero-day bug permits local users to obtain system privileges.


[zdnet.com...]

keyplyr

10:04 pm on Aug 29, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It appears this "vulnerability" is local, meaning the perp would need access to your machine to reset any permissions, which of course would be the same if this "vulnerability" didn't exist.

graeme_p

11:30 am on Aug 30, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I do not see why that stops it being a vulnerability. If any user can get privileges they should not (i.e. admin or some subset of it) its a serious flaw on any multi user machine. So, its a big problem shared hosting servers, or any other setup where you do not want every user to be an admin.

keyplyr

6:48 pm on Aug 30, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I do not see why that stops it being a vulnerability...
Is that what you thought I said?

Windows 10 is not "shared hosting servers" however yes, a flaw is a flaw whether the machine is a multi user environment or not.

One of my Windows 10 machines makes me sign-in a second time when I try to access a certain group of files. Another Windows 10 machine keeps telling me I don't have permission to access a directory, but if I get there another route there's no issue. I'd say these are flaws.

graeme_p

12:10 pm on Aug 31, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It "likely" works on Windows server 2016 according to this: [doublepulsar.com...] which is one of the sources used by CERT: [kb.cert.org...]
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Microsoft Windows OS 11:57 pm May 20, 2026