
A new exploit has emerged for an old Windows 10 bug after botched patch


Researchers have found a new exploit for a Windows 10 vulnerability identified in May that allowed hackers to escalate their privileges on a target machine.

After the bug came to light, Microsoft issued a patch that was supposed to rectify the issue, but it appears the update failed to guard against an alternative exploit.

According to Maddie Stone, a researcher at Google Project Zero, the Windows 10 flaw can still be abused, with small adjustments to the attack method.

“The original issue was an arbitrary pointer dereference, which allowed the attacker to control the src and dest pointers to a memcpy,” Stone tweeted.

The Microsoft patch was ineffective, she explains, because it “simply changed the pointers to offsets, which still allows control of the args to the memcpy.”

The main fear, when it comes to partial fixes, is that hackers can use knowledge of the original exploit to develop new zero-days with greater ease.
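The pattern Stone describes, as an added C example that is neither the Windows code nor her proof-of-concept: swapping caller-supplied pointers for caller-supplied offsets changes nothing unless each offset and the length are checked against the buffer. The struct, function names and buffer size are hypothetical, and the sample requests are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64u /* constructed size of the trusted buffer */

/* Hypothetical request; every field is supplied by the untrusted caller. */
struct copy_req { size_t src_off, dst_off, len; };

/* Incomplete-fix shape: raw pointers were replaced by offsets, but the
 * offsets are added to the base unchecked, so the caller still picks
 * both memcpy arguments. Only safe when the offsets happen to be in range. */
void copy_unchecked(uint8_t *base, const struct copy_req *r)
{
    memcpy(base + r->dst_off, base + r->src_off, r->len);
}

/* Hardened form: reject any request whose source or destination range
 * leaves the buffer. Comparisons are ordered so no addition can wrap. */
int copy_checked(uint8_t *base, size_t size, const struct copy_req *r)
{
    if (r->len > size) return -1;
    if (r->src_off > size - r->len) return -1;
    if (r->dst_off > size - r->len) return -1;
    memmove(base + r->dst_off, base + r->src_off, r->len); /* may overlap */
    return 0;
}

/* Runs constructed requests through the checked path; returns the number
 * of requests that were rejected. */
int count_rejected(void)
{
    uint8_t buf[BUF_SIZE] = {0};
    const struct copy_req reqs[] = {
        { 0, 32, 16 },              /* in range: accepted */
        { 0, 60, 16 },              /* destination runs past the end */
        { SIZE_MAX - 4, 0, 8 },     /* offset + len would wrap */
        { 0, 0, BUF_SIZE + 1 },     /* length larger than the buffer */
    };
    int rejected = 0;
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        if (copy_checked(buf, sizeof buf, &reqs[i]) != 0)
            rejected++;
    return rejected;
}

int main(void) { printf("rejected %d of 4\n", count_rejected()); return 0; }
```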

Windows 10 security bug

First identified by researchers at security firm Kaspersky, the bug affects a range of Windows operating systems, including various iterations of Windows 10, Windows Server, Windows 7 and Windows 8.

While the overall vulnerability was rated 7.5/10 by the Common Vulnerability Scoring System (CVSS), it was classified as maximum severity specifically in relation to Windows 10 devices.

Chained with a second flaw present in Internet Explorer 11, the Windows bug was abused by hackers to run malicious code on affected devices that allowed them to escalate their privileges to kernel level.

To demonstrate the vulnerability can still be exploited, Stone published proof-of-concept code based on material made available by Kaspersky with the original disclosure.

Microsoft was alerted to the alternative exploit in mid-September and has acknowledged the issue. The firm intended to roll out a second patch in November, but further complications mean the fix has been postponed until January.

Owners of affected devices will need to wait for the patch to drop in the new year.

Via Bleeping Computer

Joel Khalili

Joel Khalili is a Staff Writer working across both TechRadar Pro and ITProPortal.