0Day on Twitter! Not in underground forums, or in Darkweb, but freely on Twitter and on Github (now owned by Microsoft).
A big surprise awaited Microsoft when it announced that a Windows zero-day vulnerability is released freely on Twitter. Vulnerability allows the attacker to obtain system privileges on the victim's computer.
The tweet came from the account @SandboxEscaper. As you can see in the picture below, the researcher also published a link to Github that contained all the necessary for a successful PoC.
Of course, the Git link does not exist anymore, and it is a surprise that there is still a Twitter announcement.
CERT researcher Phil Dormann, confirmed the error on Twitter and explained that he operated in a “fully informed system με Windows 10 στα 64bit.”
A publication in CERT provides more details on vulnerability, but points out that there is still some information about the affected systems.
Microsoft, for its part, told The Registry that it is preparing a patch that will probably be released in the next Patch Tuesday, that is, on September 11th. The company rather strictly adheres to the schedule of its employees and does not allow overtime even if millions of systems are at risk.
It seems that all versions of Windows 10 are affected, whether or not they have been updated. Older versions of Windows (Windows 7 and Windows 8.1) do not appear to be affected by this vulnerability.
Regarding the security of your system and until Microsoft decides to release the update to close his gap 0Day (by the book on the next Patch Tuesday), it would be best to avoid it λήψη and implementation applications and files from untrusted sources.
_________________________________
- Keeper: Complaint about the publication of the vulnerability
- Modified NSA exploits also work on Windows 10
- Debian: A comprehensive guide to everything in English
- SUSE new custom kernel specifically for Microsoft Azure
Win 8.1 with start is back and full update. After the failed experiment to move from 7 to 10, it was the solution
:-)
another is the solution Lefteris…