Researcher Drops Windows 10 Zero-Day Exploit

A researcher has made public technical details, a video and proof-of-concept (PoC) exploit code for an unpatched local privilege escalation (LPE) vulnerability affecting Windows.

The flaw, disclosed by a researcher who uses the online moniker SandboxEscaper, is related to discretionary access control lists (DACL) and the Task Scheduler, and the exploit has been confirmed to work reliably on a fully patched Windows 10 machine, including 64-bit systems.

The vulnerability allows an attacker with ..