Public Exploit Released for Windows 10 Bug
Security teams might have skipped January's Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access.
It's a bug that now has a proof-of-concept exploit available in the wild.
The exploit was released by Gil Dabah, founder and CEO of Privacy Piiano, who tweeted that he decided not to report the bug two years ago after finding it difficult to get paid on other bug bounties through the Microsoft program.
The bug was being exploited by sophisticated groups as a zero-day issue, Microsoft said.
January's Patch Tuesday was plagued by Windows server update issues that could have understandably made internal security teams pause before downloading the patches.
He noted how to "Kill the bug class": "Improve the kernel zero-day bounty, let more security researchers participate in the bounty program, and help the system to be more perfect."
News URL
https://threatpost.com/public-exploit-windows-10-bug/178135/