0Day of Windows 10 is freely available on Twitter

0Day on Twitter! Not in underground forums, or at dark web, but freely on Twitter and Github (now owned by Microsoft).

A big surprise awaited Microsoft when it was informed that a Windows zero-day vulnerability is freely circulating on Twitter. The vulnerability allows an attacker to gain system privileges on computer of the victim.

The tweet came from the account @SandboxEscaper. As you can see in the picture below, the researcher also published a link to Github that contained all the necessary for a successful PoC.

Of course, the Git link does not exist anymore, and it is a surprise that there is still a Twitter announcement.

CERT researcher Phil Dormann, confirmed the error on Twitter και εξήγησε ότι λειτούργησε σε ένα "πλήρως ενημερωμένο σύστημα με Windows 10 στα 64bit."

A publication in CERT provides more details on vulnerability, but points out that there is still some information about the affected systems.

Microsoft, for its part, told The Registry that it is preparing a patch that will probably be released on the next Patch Tuesday, that is, on September 11. The company seems to be very strict with its employees' hours and does not allow overtime even if it is dangerous millions systems.

It seems that all versions of Windows 10 are affected, whether or not they have been updated. Older versions of Windows (Windows 7 and Windows 8.1) do not appear to be affected by this vulnerability.

Regarding the security of your system and until Microsoft decides to release the update to close the space of 0Day (by the book on the next Patch Tuesday), it would be a good idea to avoid downloading and implementation applications and files from untrusted sources.

_________________________________

• Keeper: Complaint about the publication of the vulnerability
• Modified NSA exploits also work on Windows 10
• Debian: A comprehensive guide to everything in English
• SUSE new custom kernel specifically for Microsoft Azure