Researcher releases the PoC exploit for unpatched Windows 10 zero-day bug
On May 21, 2019, sandboxescaper uploaded a 0Day code for the Windows 10 arbitrary file deletion on github, which is the fifth 0Day released by sandboxescaper since August 2018. The vulnerability principle is similar to the vulnerability principle previously released by sandboxescaper. The new vulnerability is categorized as a local privilege escalation vulnerability that can be used to increase the privilege of running rancid code on a computer by exploiting vulnerabilities in the Task Scheduler.
In addition to the source code for the vulnerability, SandboxEscaper also released a video showing how the zero-day vulnerability was attacked.
It has been tested and confirmed to work on Windows 10 32-bit systems, but we believe that with some modifications, it can be seen that it can run on all versions of Windows.
Via: thehackernews