Windows Local Privilege Escalation (LPE) Zero-Day Vulnerability Sold on the Dark Web

The dark web is selling a Windows Local Privilege Escalation (LPE) zero-day vulnerability that reportedly affects multiple versions of the Windows operating system, including the latest version. This alarming development has been disclosed via an underground marketplace where threat actors have provided detailed specifications and capabilities of the vulnerability.

The vulnerability has a price tag of $120,000 and allegedly targets the following versions of Windows:

Windows Local Privilege Escalation (LPE) Zero-Day Vulnerability Sold on the Dark Web

Windows Server 2022
Windows Server 23H2
Windows Server 2019
Windows 10 22H2
Windows 10 21H2
Windows 10 1809
Windows 11 23H2
Windows 11 22H2
Windows 11 21H2

According to the threat actor, the exploit takes only 2 seconds to elevate privileges from medium to system level with a success rate of 99.4%. The package is written in C++ and contains source code and detailed documentation.

Technical Details:

The vulnerability is said to be so stable that it leaves no trace during execution. This capability would allow an attacker to execute code with elevated privileges on an infected system, which could lead to a serious security breach.

Safety hazards:

The sale of this Windows LPE zero-day vulnerability highlights the ongoing threat posed by sophisticated cybercriminals and the persistent vulnerabilities in widely used operating systems. The presence of such vulnerabilities in the underground market could have serious consequences for businesses and individuals who rely on affected versions of Windows.

Organizations are urged to be vigilant in applying security patches in a timely manner and to take comprehensivecyber securitymeasures to mitigate the risks posed by such serious vulnerabilities.

Original article by Chief Security Officer, if reproduced, please credit https://cncso.com/en/darkweb-be-selling-windows-lpe-0-day-exploit-html

Like (0)
Previous May 28, 2024 am8:28 am
Next August 10th, 2024 at 8:45 am