The new vulnerability is categorized as a Local Privileges Upgrade (LPE) vulnerability that can be used to increase the privilege of running rancid code on a computer by exploiting vulnerabilities in the Task Scheduler. Fortunately, hackers cannot exploit this vulnerability alone to invade computers in the first place, but may use them in conjunction with these types of vulnerabilities.
In addition to the source code of the vulnerability, SandboxEscaper alsoPosted a videoShows the situation where this zero-day vulnerability was attacked. It has been tested and confirmed to be inWindows10 32-bit systems are running, but we believe that with some modifications, we can see that it runs on all versions of Windows and has been "downward compatible" to Windows XP and Windows Server 2003.
according toMicrosoftThe vulnerability was not warned in advance, so the company must now race against time to resolve the issue. The next patch, Tuesday, is scheduled for mid-June, while attackers can use this window to attack systems around the world.