New zero-day vulnerability found in Windows | Avast

A Twitter user named SandboxEscaper posted, quite colorfully, on social media yesterday about a newly-discovered security flaw in Microsoft Windows. While the vulgarity-laced tweet has since been deleted, the zero-day Windows vulnerability has been authenticated and verified by experts.

The security flaw is a local privilege escalation caused by manipulation and exploitation of the Advanced Local Procedure Call (ALPC) system. Basically, it is a backdoor into the Windows system and allows the hacker to get system administrator access to a compromised PC. Microsoft plans to issue a patch for the flaw possibly in its next month’s Patch Tuesday Update, which is scheduled for September 11th.

In the meantime, there is currently no known workaround of this zero day vulnerability. Because the flaw necessitates a hacker to gain local access first, some believe the threat risk is relatively low. However, hackers could theoretically try to gain access to your local machine by using phishing techniques to get malware on your machine and take advantage of this new vulnerability.  So, until the patch is available mid-September (hopefully), stay aware of this new Windows vulnerability.

Avast recommends:

Stay vigilant — Be extra cautious of strange emails trying to force your hand into an action like clicking a link or opening an attachment. Social engineering tactics create a false sense of urgency in the hopes you’ll act before thinking. There’s a lot of phishing going on in your inbox — don’t take the bait.

Update — Always implement software updates as soon as they’re available. Your operating system, your apps, your antivirus, all of it. Updates tend to come about for security reasons, and they’re critical to keeping your defenses strong. When Microsoft releases the patch for this flaw, download and install it immediately.



*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/new-zero-day-vulnerability-found-in-windows