0Day of Windows 10 is freely available on Twitter

0Day on Twitter! Not in underground forums, or in Darkweb, but freely on Twitter and on Github (now owned by Microsoft).

A big surprise awaited Microsoft when they announced that a zero-day vulnerability of theirs Windows, circulates freely on Twitter. The vulnerability allows an attacker to gain system privileges on computer of the victim.

The tweet came from the account @SandboxEscaper. As you can see in the picture below, the researcher also published a link to Github that contained all the necessary for a successful PoC.

Of course, the Git link does not exist anymore, and it is a surprise that there is still a Twitter announcement.

CERT researcher Phil Dormann, confirmed the error on Twitter and explained that it worked on a "fully updated system with Windows 10 at 64bit."

A publication in CERT provides more details on vulnerability, but points out that there is still some information about the affected systems.

Microsoft for its part told The Registry that it is preparing a patch that will probably be released next Patch Tuesday, that is, on September 11th. The company rather strictly adheres to the schedule of its employees and does not allow overtime even if millions of systems are at risk.

It seems that all versions of Windows 10 are affected, whether or not they have been updated. Older versions of Windows (Windows 7 and Windows 8.1) do not appear to be affected by this vulnerability.

With regard to better safety of your system and until Microsoft decides to release the update to close the space of 0Day (by the book on the next Patch Tuesday), you should avoid downloading and running applications and files from unreliable sources.

_________________________________

• Keeper: Complaint about the publication of the vulnerability
• Modified NSA exploits also work on Windows 10
• Debian: A comprehensive guide to everything in English
• SUSE new custom kernel specifically for Microsoft Azure