The flaw is important because intruders can use it to launch their attack after the initial infection of the target host, although it only works on machines with Hyper-V enabled.
Researcher Jonas Lykkegaard last week published a tweet showing how an unauthorized user can create an arbitrary file in the "system32" folder, which contains important files for the Windows operating system and installed software.
However, this only works if Hyper-V is already active, which limits the range of targets: the option is disabled by default and is present in the Windows 10 Pro, Enterprise and Education editions.
Hyper-V is Microsoft's solution for building virtual machines (VMs) on Windows 10. Depending on the physical resources available on the host, at least three virtual machines may be running.
An average user may never use this feature, but they may run Windows Sandbox, an isolated environment for running programs or loading untrusted websites without risking infection of the normal Windows operating system.
To demonstrate the vulnerability, Lykkegaard created an empty file in system32 called phoneinfo.dll. Making changes to this folder requires elevated permissions, but these restrictions effectively disappear when Hyper-V is enabled.
Because the creator of the file is also the owner, an attacker can use it to place malicious code that will run with elevated privileges when needed.
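Because the planted file is owned by the account that created it, file ownership is a practical thing to audit on hosts with Hyper-V enabled. The PowerShell below is an added example, not code from the researcher or from Microsoft; the function name `Get-UnexpectedOwnerFile` is hypothetical, and the list of expected owners (TrustedInstaller, SYSTEM, Administrators) is an assumption to tune per environment.

```powershell
# Added example: list files in System32 whose owner is not a system principal.
# Assumption: legitimate files here are owned by one of the SIDs below.
$expectedOwners = @(
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464', # NT SERVICE\TrustedInstaller
    'S-1-5-18',                                                       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'                                                    # BUILTIN\Administrators
)

function Get-UnexpectedOwnerFile {
    param([string]$Path = (Join-Path $env:SystemRoot 'System32'))

    Get-ChildItem -LiteralPath $Path -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            try {
                $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction Stop
                # Compare SIDs rather than names so the check works on localized systems.
                $sid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                return  # ACL not readable: skip this file
            }
            if ($expectedOwners -notcontains $sid) {
                [pscustomobject]@{
                    Path            = $_.FullName
                    Owner           = $acl.Owner
                    OwnerSid        = $sid
                    Length          = $_.Length   # the demonstration file was empty (0 bytes)
                    CreationTimeUtc = $_.CreationTimeUtc
                }
            }
        }
}

# The issue only applies when Hyper-V is enabled; this query needs an elevated session.
$hyperV = Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Hyper-V-All' -ErrorAction SilentlyContinue
'Hyper-V feature state: {0}' -f $(if ($hyperV) { $hyperV.State } else { 'unknown' })

# Newest files first: a recently created, user-owned DLL is the pattern described above.
Get-UnexpectedOwnerFile | Sort-Object CreationTimeUtc -Descending | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell session so that the System32 path is not redirected to SysWOW64.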
CERT/CC vulnerability analyst Will Dormann confirmed that the vulnerability exists and that its exploitation requires literally no effort from the perpetrator against the victim.
Although this vulnerability is easy to exploit, there are more dangerous issues in Windows 10 that Microsoft will have to deal with. That is why Lykkegaard decided to publish the vulnerability on Twitter and not report it through Microsoft's bug bounty program.