2 min Applications

Microsoft patches zero-day leak only two weeks after discovery

Microsoft patches zero-day leak only two weeks after discovery

At the end of last month, someone had just dumped a zero-day leak on Twitter to give users access to Windows 10 systems. The find was confirmed later that day, but it was only today that Microsoft released an update to close the leak.

On August 29, someone had just thrown a zero-day leak for Windows 10 on Twitter with a proof-of-concept on GitHub so everyone could work with it. Microsoft then ruled that the new vulnerability is not serious enough to force a separate patch outside Patch Tuesday. Today it released a patch to close the leak.

Machine hijacking

Microsoft Windows task scheduler contained a vulnerability in control of Advanced Local Procedure Call (ALPC). The latter gives a local user access to SYSTEM privileges. However, ALPC limits the impact of the zero-day leak. It’s a local bug. You have to be logged in, or the code has to be running, to hijack a machine.

Initially, the danger didn’t seem that serious, but later the zero-day leak was integrated into a malware campaign. This has accelerated everything in order to achieve a quick solution. If you run Windows Update today, you will automatically receive the patch.

Other leaks

Microsoft has also plugged 61 other security holes. These include Windows, Microsoft Edge, Internet Explorer, ASP.NET, the .NET framework, Microsoft Office, Microsoft Office Services and Web Apps and Adobe Flash Player.

Of all the patches, 17 were critical according to Microsoft. This means that abuse is relatively easy and would result in even more damage. Would you like to see in detail what’s been patched? Then surf to Microsoft’s official Security Update Guide portal. There you can filter interactively so that you only find the options that are relevant to you.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.