The vulnerability has a price tag of $120,000 and allegedly targets the following versions of Windows:
Windows Server 2022
Windows Server 23H2
Windows Server 2019
Windows 10 22H2
Windows 10 21H2
Windows 10 1809
Windows 11 23H2
Windows 11 22H2
Windows 11 21H2
According to the threat actor, the exploit takes only 2 seconds to elevate privileges from medium to system level with a success rate of 99.4%. The package is written in C++ and contains source code and detailed documentation.
Technical Details:
The vulnerability is said to be so stable that it leaves no trace during execution. This capability would allow an attacker to execute code with elevated privileges on an infected system, which could lead to a serious security breach.
Safety hazards:
The sale of this Windows LPE zero-day vulnerability highlights the ongoing threat posed by sophisticated cybercriminals and the persistent vulnerabilities in widely used operating systems. The presence of such vulnerabilities in the underground market could have serious consequences for businesses and individuals who rely on affected versions of Windows.
Organizations are urged to be vigilant in applying security patches in a timely manner and to take comprehensivecyber securitymeasures to mitigate the risks posed by such serious vulnerabilities.
Original article by Chief Security Officer, if reproduced, please credit https://cncso.com/en/darkweb-be-selling-windows-lpe-0-day-exploit.html
