A severe zero-day vulnerability concept has been posted to GitHub by a hacker that is labeled as “SandboxEscaper.”
First identified by The Hacker News, the exploit is a privilege escalation issue that could allow a local attacker or malware to gain and run code with administrative system privileges on the targeted machines, eventually allowing the attacker to gain full control of the machine.
Microsoft is aware of the code and the vulnerability and is currently researching the situation.
When approached about the vulnerability news, company reps delivered the following placeholder statement…
Microsoft has a customer commitment to investigate reported security issues and update impacted devices promptly. We are aware of the reporting on this issue and investigating. Solutions to verified security issues are normally released via our monthly Update Tuesday cadence.
We evaluated the reported vulnerability and determined that it did not meet the bar for immediate servicing. When a reported security issue is investigated and found to not meet our criteria for immediate servicing, the issue becomes a candidate for a future defense-in-depth fix. At this time, we will not be providing ongoing updates of the status of the fix for this issue.
If the research on the issue results in more critical response, Microsoft will deploy updates sooner.