Windows 10 zero-day vulnerability revealed, with more to come

SandboxEscaper has found another security flaw in Microsoft’s OS

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Windows 10has another zero-day vulnerability, as discovered by a security researcher who specializes in finding bugs inMicrosoft’soperating system– and has previously publicly outed them without warning before.

The unpatched vulnerability highlighted by SandboxEscaper has been confirmed to work onWindows 10(32-bit) systems, as reported byZDNet. Furthermore, with some tweaking, it could theoretically be leveraged against any version of Windows (going as far back as Windows XP).

Utilizing a bug in the Task Scheduler in Windows, this is a local privilege escalation security flaw, meaning it can be used by a hacker to raise an account with low-level privileges on a PC to a full admin account (in other words, allowing them to do anything on the victim’s computer).

Note, however, that this security flaw can’t be used to gain access to a PC. It’s an exploit for malicious parties who have already hacked their way onto a computer, and a way for them to subsequently elevate their privileges to be able to do more.

Even so, this is obviously something Microsoft needs to address swiftly, and will perhaps be patched in the nextround of security updatesto arrive in June.

More where that came from

As we mentioned at the outset, SandboxEscaper is renowned for being a thorn in Microsoft’s side, and inOctober 2018 she released detailsof a bug that can also be abused to elevate privileges on a system, anddrew attention to a similar flawback in August 2018.

More worryingly, she has also claimed that she’s found four further unpatched bugs in Windows, so we can expect more revelations in the pipeline fairly soon, no doubt.

Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.

Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.

SandboxEscaper previously highlighted these bugs on Twitter, but seemingly has had several of her Twitter accounts suspended in the past.

ViaMSPowerUser

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - ‘I Know What You Did Last Supper’ - was published by Hachette UK in 2013).

Alt + Tab trouble: Windows 11’s 24H2 update turns time-saving shortcut into ten-second headache

Windows 11’s Paint and Notepad apps are getting smart new AI features – though one of the best will be for Copilot+ PCs only

I’ve been covering Apple Watch deals for years – This is the one model most people should buy on Black Friday