Security expert publishes Windows exploit after Microsoft went silent


A security researcher discovered an unpatched vulnerability in Windows and reported it to the Microsoft Security Response Center (MSRC). MSRC did not respond to the report within the time he expected, and an exploit is now circulating in the wild, one that appears to have been written by the very researcher who discovered the vulnerability.
As BleepingComputer reports, this is a zero-day vulnerability that has been recognized as such by Microsoft but has not yet been patched. The vulnerability is called “BlueHammer” and would even allow attackers to take over an entire Windows computer.
Analysts consider the threat to be very real. According to the reports, the vulnerability combines a time-of-check to time-of-use (TOCTOU) flaw with a misconfigured file path: a privileged component checks a file and only later uses it, while the file can be altered in between. An attacker who manipulates the file during that window gets the altered file accepted on the strength of a check that no longer applies to it.
Attackers can use this to move from a low-privileged context to higher privileges and, ultimately, to obtain the credentials of local accounts and take control of the system.
Fully exploiting the vulnerability is, however, complex and does not work reliably. In addition, the researcher released his exploit code with deliberate flaws so that attackers cannot simply run it as is. Even so, the vulnerability is dangerous and should not be underestimated.
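The check-then-use pattern described above, as an added example that is not part of the article and is not the BlueHammer exploit: a service validates a caller-supplied path with a stat call, an attacker swaps the file for a symlink during the window, and the later open follows the symlink. The hardened version opens the file first (refusing to follow a symlink) and validates the descriptor it actually holds. The example uses POSIX file semantics (lstat, open with O_NOFOLLOW, fstat) so it runs on Linux; the Windows-specific details of the reported flaw are not on this page and are not reproduced. File names, file contents and the "attacker wins the race" hook are constructed.

```python
import errno
import os
import shutil
import stat
import tempfile

# Constructed scenario (not the BlueHammer exploit): a service validates a
# caller-supplied path and then reads it. Between the check and the use an
# attacker replaces the path with a symlink to a file the caller may not read.

def make_sandbox():
    root = tempfile.mkdtemp(prefix="toctou_")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as f:
        f.write("admin-password-hash\n")   # constructed stand-in for protected data
    user_file = os.path.join(root, "user_input.txt")
    with open(user_file, "w") as f:
        f.write("harmless\n")
    return root, secret, user_file

def passes_check(st):
    # The policy: a regular file (not a symlink) owned by the current user.
    return stat.S_ISREG(st.st_mode) and st.st_uid == os.getuid()

def attacker_swap(path, target):
    # The attacker wins the race: the validated file is replaced by a symlink.
    os.unlink(path)
    os.symlink(target, path)

def vulnerable_read(path, race=None):
    # Time of check: lstat() the *path*.
    if not passes_check(os.lstat(path)):
        raise PermissionError("rejected at check")
    if race:
        race()                     # the TOCTOU window (hook simulates the attacker winning)
    # Time of use: open() the *path* again; it now follows the attacker's symlink.
    with open(path) as f:
        return f.read()

def hardened_read(path):
    # Open first, refusing to follow a symlink at the final component, then
    # check the object actually held via the descriptor. The path is never re-resolved.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        if not passes_check(os.fstat(fd)):
            raise PermissionError("rejected at check")
        with os.fdopen(fd, "r") as f:
            fd = -1                # fdopen now owns the descriptor
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)

def run_demo():
    root, secret, user_file = make_sandbox()
    try:
        swap = lambda: attacker_swap(user_file, secret)
        # The check passed on the real file; the use reads the secret through the symlink.
        leaked = vulnerable_read(user_file, race=swap)
        # The path is now the attacker's symlink; O_NOFOLLOW refuses it outright.
        try:
            hardened_read(user_file)
            hardened = "read"
        except OSError as e:
            hardened = "ELOOP" if e.errno == errno.ELOOP else "error"
        return {"vulnerable": leaked, "hardened": hardened}
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    print(run_demo())
```

The fix is not a stricter check on the path string but checking the object you actually hold: open the handle first, validate it, and never resolve the path a second time. The same rule applies on Windows, where a handle, not a path that another process can re-point in the meantime, is the thing to validate.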
Microsoft’s response
Speaking to BleepingComputer, a Microsoft representative said: “Microsoft is committed to our customers to investigate reported security issues and update affected devices to protect customers as soon as possible. We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure that issues are thoroughly investigated and resolved before public disclosure, supporting both customer protection and the security research community.”
However, this disclosure was arguably anything but "coordinated": the vulnerability's discoverer acted on his own initiative, apparently out of frustration with how Microsoft's security team handled his report.
This article was originally published on our sister publication PC-WELT and has been translated and localized from German.


