serious 0-day Windows exploits to Microsoft and give the company ample time to patch the vulnerabilities before they can be used to create malware and do harm. A security researcher who goes by the Twitter handle SandboxEscaper, however, decided it would be a good idea to expose a 0-day threat to the world on Twitter, without forewarning Microsoft, and even linked to proof of concept code on GitHub that has since been verified as functional. The language in the original Tweet prevents me from directly embedding it here. SandboxEscaper essentially said, “Here is the alpc bug as 0day ... I don't ****ing care about life anymore. Neither do I ever again want to submit to MSFT anyway ...”

The official post on the CERT/CC website explains, “The Microsoft Windows task scheduler SchRpcSetSecurity API contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems. We have also confirmed compatibility with 32-bit Windows 10 with minor modifications to the public exploit code. Compatibility with other Windows versions is possible with further modifications.”

At this point, Microsoft does not have a patch at the ready, but according to reports a fix will be coming in the next batch of Patch Tuesday updates. Because the exploit requires the local execution of code, it doesn't necessarily warrant an out-of-band update.
However, with proof of concept code readily available, it's possible nefarious individuals could trick less savvy users into running the code and gain full access to their systems. As always, never execute any files from unknown or untrusted sources.

The bug lies in the Windows Task Scheduler's Advanced Local Procedure Call, or ALPC, interface. It allows a local user to gain SYSTEM-level privileges and have free rein over the system to do whatever they want, including overwriting or modifying system files. Will Dormann of CERT/CC verified that the original exploit code works on a fully patched Windows 10 x64 installation and later modified the code to work on 32-bit systems as well.

Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials.

The researchers identified popular tutorials by inputting search terms such as “mysql tutorial”, “php search form”, “javascript echo user input”, etc. into Google Search. The first five results for each query were then manually reviewed and evaluated for SQLi and XSS vulnerabilities by following OWASP's guidelines (Reviewing Code for SQL Injection, Cross Site Scripting Prevention Cheat Sheet). This resulted in the discovery of 9 tutorials containing vulnerable code (6 with SQLi, 3 with XSS).

Based on these, they created two types of queries that they used against the aforementioned data set obtained from GitHub. “We use strict queries to identify known vulnerable patterns in web applications, and normal queries to identify code analogues of tutorial code,” they explained. The results were, finally, manually reviewed by the researchers.

“Thanks to our framework, we have uncovered over 100 vulnerabilities in web application code that bear a strong resemblance to vulnerable code patterns found in popular tutorials. More alarmingly, we have confirmed that 8 instances of a SQLi vulnerability present in different web applications are an outcome of code copied from a single vulnerable tutorial,” they noted. “Our results indicate that there is a substantial, if not causal, link between insecure tutorials and web application vulnerabilities.” “[Our findings] suggest that there is a pressing need for code audit of widely consumed tutorials, perhaps with as much rigor as for production code,” they pointed out.

In their research, they evaluated only PHP application code, but their approach can be easily used to evaluate codebases in other programming languages, especially because they have made available their crawler (GithubSpider) and code analogue detector (CADetector) tools. Unfortunately, such a search can be easily replicated – “even with limited resources such as a standard PC and a broadband DSL connection” – by individuals or groups intent on discovering vulnerabilities in software for future exploitation.

Microsoft Windows users, beware of an unpatched memory corruption bug which could be exploited to cause denial of service (DoS) attacks as well as other exploits. The vulnerability is in SMB (Server Message Block) and is caused by the platform's inability to properly handle a specially crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure, according to a Feb. 2 CERT advisory. If a user connects to a malicious SMB server, a vulnerable Windows client system may crash and display a blue screen of death (BSOD) in mrxsmb20.sys, the advisory said.

Researchers have confirmed the flaw affects fully patched Windows 10 and Windows 8.1 client systems, as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2. The vulnerability is still being examined and it is possible that the flaw may enable more exploits as well. A researcher by the moniker “PythonResponder” first reported the zero day, and proof-of-concept code was published to GitHub shortly after. It is recommended that users consider blocking outbound SMB connections from the local network to the WAN in order to prevent remote attackers from causing denial of service attacks.