A previously unknown bug, if exploited, allows potential hackers to take over the system.
A Twitter user named SandboxEscaper posted, quite colorfully, on social media yesterday about a newly-discovered security flaw in Microsoft Windows. While the vulgarity-laced tweet has since been deleted, the zero-day Windows vulnerability has been authenticated and verified by experts.
The security flaw is a local privilege escalation caused by manipulation and exploitation of the Advanced Local Procedure Call (ALPC) system. Basically, it is a backdoor into the Windows system and allows the hacker to get system administrator access to a compromised PC. Microsoft plans to issue a patch for the flaw possibly in its next month’s Patch Tuesday Update, which is scheduled for September 11th.
In the meantime, there is currently no known workaround of this zero day vulnerability. Because the flaw necessitates a hacker to gain local access first, some believe the threat risk is relatively low. However, hackers could theoretically try to gain access to your local machine by using phishing techniques to get malware on your machine and take advantage of this new vulnerability. So, until the patch is available mid-September (hopefully), stay aware of this new Windows vulnerability.
Stay vigilant — Be extra cautious of strange emails trying to force your hand into an action like clicking a link or opening an attachment. Social engineering tactics create a false sense of urgency in the hopes you’ll act before thinking. There’s a lot of phishing going on in your inbox — don’t take the bait.
Update — Always implement software updates as soon as they’re available. Your operating system, your apps, your antivirus, all of it. Updates tend to come about for security reasons, and they’re critical to keeping your defenses strong. When Microsoft releases the patch for this flaw, download and install it immediately.
Investigations into the 2018 hack of Jeff Bezos’ phone revealed “credible” evidence that the Amazon owner was targeted by Saudi crown prince Mohammed bin Salman.
Phishing scammers head into the new year with an arsenal of new tactics, including conversation-hijacking, hidden text, keyword stuffing, and homograph use.