Unpatched Windows 10 flaw: Google reveals 'high-severity' privilege escalation bug

The vulnerability, revealed by security researchers on Google's Project Zero team, allows attackers to trick Windows 10 into giving them full access to a file.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • For the second time in one week, Google has revealed an unpatched vulnerability in Windows 10.
  • The new 'high-severity' flaw could allow an attacker to gain full access to a file, but typically requires local access to the PC.

Google has revealed an unpatched 'high-severity' vulnerability in Windows 10, the second exploitable flaw in Microsoft's OS it has published in a week.

The latest vulnerability, revealed by security researchers on Google's Project Zero team, allows an attacker to trick Windows 10 into giving full access to a file by manipulating how that file is handled by the OS.

Google told Microsoft about the potential exploit in November last year, and publicized the flaw on Tuesday.

It follows Google's decision last week to publicly detail a separate 'medium-severity' flaw in Windows 10, which could allow malicious sites to exploit its Edge web browser. Microsoft has since told Google that, because of the issue's complexity, it doesn't have a date for when it will be fixed.

Google has a policy of publishing details of software vulnerabilities if they are not patched within 90 days of notifying the relevant vendor.

The latest privilege escalation vulnerability is not exploitable remotely or in browsers that run in a sandbox, such as Google Chrome or Microsoft Edge.

Nevertheless, researchers say it is high severity due to the ease with which it could be exploited by someone who already has the ability to remotely execute code on the computer or who is logged into the machine locally.

Google has produced proof-of-concept code that exploits the vulnerability in the latest Fall Creators Update version of the OS. The code exploits Windows 10's Storage Services, manipulating the SvcMoveFileInheritSecurity method into letting an attacker edit a file to which they should only have read access.

Although Microsoft appeared to have fixed the vulnerability in February's Patch Tuesday update, Project Zero researcher James Forshaw says it remains unaddressed.

According to Google, Microsoft considers the flaw to be an 'Important', but not a 'Critical', issue. This designation affects how much of a priority fixing the issue is. Microsoft had not responded to a request for comment at the time this article was published.

Windows 10 security was under the spotlight yesterday, when it was revealed that its anti-malware scan interface (AMSI) truncates files whenever it detects a null character, leaving any malicious code that follows it unscanned.
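
The truncation failure described above, as an added illustration in C that is not from the article, Microsoft or Google: a scanner that treats its input as a NUL-terminated string misses a marker placed after a null byte, while a length-aware scan finds it. The function names, the marker and the sample buffer are constructed for this example and do not reflect AMSI's actual implementation.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, harmless marker standing in for a detection signature. */
static const char MARKER[] = "EXAMPLE-TEST-MARKER";

/* Constructed sample: script text, one embedded NUL, then the marker. */
static const unsigned char SAMPLE[] = "Write-Output 'hello'\0EXAMPLE-TEST-MARKER";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1) /* drop the literal's trailing NUL */

/* Flawed: C-string search, so scanning silently stops at the first NUL. */
int scan_as_cstring(const char *buf)
{
    return strstr(buf, MARKER) != NULL;
}

/* Length-aware: compares at every offset across all len bytes, NULs included. */
int scan_full_buffer(const unsigned char *buf, size_t len)
{
    size_t mlen = sizeof(MARKER) - 1;
    for (size_t i = 0; i + mlen <= len; i++) {
        if (memcmp(buf + i, MARKER, mlen) == 0)
            return 1;
    }
    return 0;
}

/* Offset of the first NUL byte, or -1 if none. A NUL inside content that
 * is expected to be plain script text is itself worth flagging. */
long first_nul_offset(const unsigned char *buf, size_t len)
{
    const unsigned char *p = memchr(buf, 0, len);
    return p ? (long)(p - buf) : -1;
}

int main(void)
{
    printf("C-string scan hit:   %d\n", scan_as_cstring((const char *)SAMPLE));
    printf("full-buffer scan hit: %d\n", scan_full_buffer(SAMPLE, SAMPLE_LEN));
    printf("first NUL at offset:  %ld\n", first_nul_offset(SAMPLE, SAMPLE_LEN));
    return 0;
}
```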

About Nick Heath

Nick Heath is chief reporter for TechRepublic. He writes about the technology that IT decision makers need to know about, and the latest happenings in the European tech scene.