Windows 10 WARNING: Huge vulnerability discovered as Microsoft releases May 2019 Update

Windows 10 WARNING: Huge vulnerability discovered as Microsoft releases May 2019 Update

A new zero-day vulnerability has been discovered for Windows 10 (Image: Microsoft • Getty)

WINDOWS 10 users have been warned about a newly discovered security vulnerability shortly after Microsoft started releasing its May 2019 Update for the operating system.


Windows 10
 May 2019 Update is the latest improvement to hit the software and touts a wealth of improvements for users to look forward to.

The software grants fans access to new programmes such as Windows Sandbox and introduces a simplified Start menu for fresh devices.

Additionally, the May 2019 update also separates Cortana from the Search tab and changes how Windows 10 deals with reserved storage.

Microsoft announced it had started releasing the upgrade to Windows 10 users on Tuesday, May 21.

To download the new update, fans should head to their system settings and press Update and Security > Windows Update.

It is worth noting Microsoft typically rolls out its new improvements gradually, meaning Windows 10 users that are not able to obtain the May 2019 Update immediately should not worry.

The release of the upgrade comes as a security researcher has disclosed a new zero-day vulnerability for the operating system that could be harnessed against users in a malicious attack.

For those unfamiliar, a zero-day is a computer vulnerability that is unknown or not remedied by the main party concerned which, in this case, is Microsoft.

The researcher, named SandboxEscaper, published the exploit code on GitHub and also released a demo video of the vulnerability being exploited.

SandboxEscaper has previously disclosed other zero-day vulnerabilities for Windows 10.

As noted by ZDNet, the zero-day concerns a local privilege escalation (LPE) that can be used by a third-party to gain access to the entirety of a machine by granting them administrator access.

The zero-day cannot be exploited by itself to access user computers, but it can be used in conjunction with other methods to increase the effectiveness of doing so.

According to SandboxEscaper, the vulnerability stems from the Windows Task Scheduler.

It is unknown if or when a patch for the zero-day will be released by Microsoft (Image: Microsoft)

It was noted if a hacker runs a specific .job file within the Task Scheduler after initially gaining access to computer, it can grant their account administrative privileges.

This means the malicious third-party would then have the power to alter fundamental system settings and more.

ZDNet said it was told in addition to working for Windows 10, this vulnerability could also be exploited on older Microsoft operating systems such as Windows XP for instance, at least in theory.

It is unknown if or when a patch for the zero-day will be released by Microsoft.

Source : This article was originally published at express.co.uk on May 23,2019.