A Windows zero-day exploit dropped by developer SandboxEscaper would allow local privilege-escalation (LPE), by importing legacy tasks from other systems into the Task Scheduler utility.
It’s the latest zero-day from SandboxEscaper, who said that she has four more in the hopper that she’d like to sell for $60,000 to non-Western buyers.
Mitja Kolsek, co-founder of 0patch and CEO of Arcos Security, told Threatpost that the bug is a typical LPE flaw, allowing a low-privileged user on the computer to arbitrarily modify any file, including system executables.
