Users of WINDOWS 10 are being warned of a new zero-day security vulnerability, shortly after Microsoft started releasing the May 2019 update to its operating system. A zero-day is a vulnerability that is unknown or not remedied by the main party involved, which in this case, is Microsoft.
The zero-day vulnerability relates to a local privilege escalation (LPE) that can be used by attackers to access an entire machine by granting them administrator status. It cannot be exploited to access user computers, but when combined with other methods, the effectiveness of this process can be ensured.
According to researchers who discovered this vulnerability, the flaw comes from the Windows Task Scheduler. This means that if a hacker runs a specific job file within the task scheduler, it can grant administrator privileges to the hacker’s account and allow the hacker to alter basic system settings, causing considerable damage.
The Windows latest upgrade, released on May 21st, boasts of a host of improvements to the software, including new programmes such as Windows Sandbox, a less complicated Start Menu for new devices and a separate Cortana and search tab, in addition to changes in the way Windows 10 reacts to reserved storage.
It is still not known when Microsoft will release the patch for the zero-day vulnerability.