I've confirmed that this works well in a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM! https://twitter.com/SandboxEscaper/status/1034125195148255235 …
I can't imagine too many people are interested, but I can confirm that with minor tweaks the public exploit code for the Windows Task Manager ALPC vul works on 32-bit Windows 10 as well. pic.twitter.com/1pf2JU6D2o
But my systems have antivirus! With AI and heuristics and stuff... Get real. https://www.virustotal.com/#/file/81a4dbf1132e6cb43f45b803b8f46e85cb9d3a60dbe560762f4cc49461758641/detection … pic.twitter.com/cRKKrFIudw
Denying read access to C:\Windows\Tasks would break the PoC, but any competent adversary could just change the folder path to something else.
Disabling the Task Scheduler service appears to block the exploit. However: 1) This requires SYSTEM privileges (Admin isn't enough) 2) Once disabled, I could imagine a good amount of collateral damage, including disabling Windows Update. Not sure I can in good faith recommend.
Did you test on the same build as the video?
I tested on a fully-patched 64-bit Windows 10 system.
You should be able to detect via Event Log, have a look at Task Scheduler log.
The Analyst Twitter account and tweet had been deleted...
Yeah, you should change the URL to point to the GitHub repository instead. https://github.com/SandboxEscaper/randomrepo/blob/master/PoC-LPE.rar …