New Zero-Day Vulnerability Attack in Windows

September 18, 2018 | By Immanuel
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, 5.00 / 5
Loading...

Zero Day Vulnerability

A zero-day also known as Day Zero or 0-day refers to the computing vulnerability which is often sought by the hackers to exploit for selfish and illegal reasons. Zero Day Vulnerability Attacks are becoming more and more common these days. Recently, another one was discovered in Windows and it was immediately disclosed by a security researcher on Twitter. The bug was uncovered by a user called SandboxEscaper, and it has been verified by US-CERT.

On the other hand, Windows is the most preferred operating system across the globe. Be it Windows 7 or Windows 10, more than three fourth of the online population obviously prefer Microsoft’s Operating System. Windows OS is a lightweight, up-to-date, affordable, and user-friendly interface that supports numerous compatible programs and games. On the whole, it is well-maintained.

However, all that good reputations shouldn’t conclude that the OS is coming to the market all clean without any issues. A lot has been discussed over the privacy concerns and netizens have also raised questions about Microsoft’s patch policy in the past. Its popularity and position make it uniquely interesting for hackers and security researchers alike. Any security patches to fix vulnerabilities comes as no surprise to anyone.

It is not clear whether the bug has the capability to affect all the versions of Windows OS, such as Windows 7.

The vulnerability is a local privilege escalation flaw in the Microsoft Windows task scheduler that’s caused by errors in the handling of Advanced Local Procedure Call (ALPC) systems – according to Dormann.

The CERT note read, “Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. The CERT/CC is currently unaware of a practical solution to this problem.”

ALPC is a local system, which enables high-speed inter-process communications, thereby the impact is limited. However, an online fraudster can trick a victim into downloading a nefarious app, normally through a phishing scam, and may use it to exploit the vulnerability. The Windows bug has been given a CVSS score of 6.4 to 6.8.

A spokesperson told that “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule.” Thereby, it is understood that Microsoft is waiting until its next scheduled Patch Tuesday—September 11—to issue a fix.

With Comodo antivirus installed on your computer, you don’t have to worry about virus protection and various other types of windows viruses that are prevalent on the internet. Comodo Free Antivirus will automatically contain unknown or malicious files. It prevents cybercriminals from stealing your data or damage your computer.

Comodo Free Antivirus

Be Sociable, Share!
Be Sociable, Share!

Add new comment

Your name
Comment

You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


Secure All your devicesPC, Mac and Smartphone

Get unbeatable protection from every type of malware with Comodo‘s award-winning free Antivirus.

Download Free Antivirus Compatible with Windows 10, 8 & 7