Due to the far reaching implications , Security Researchers will typically submit Vulnerability-related.DiscoverVulnerability serious 0-day Windows exploits to Microsoft and give the company ample time to patch Vulnerability-related.PatchVulnerability the vulnerabilities before they can be used to create malware and do harm . A security researcher that goes by the Twitter handle SandboxEscaper , however , decided it would be a good idea to expose Vulnerability-related.DiscoverVulnerability a 0-day threat to the world on Twitter , without forewarning Vulnerability-related.DiscoverVulnerability Microsoft , and even linked to proof on concept code on GitHub that has since been verified as functional . The language in the original Tweet prevents me from directly embedding it here . SandboxEscaper essentially said Vulnerability-related.DiscoverVulnerability , “ Here is the alpc bug as 0day ... I do n't * * * * ing care about life anymore . Neither do I ever again want to submit to MSFT anyway ... ” The official post on the CERT/CC website explains Vulnerability-related.DiscoverVulnerability , “ The Microsoft Windows task scheduler SchRpcSetSecurity API contains Vulnerability-related.DiscoverVulnerability a vulnerability in the handling of ALPC , which can allow a local user to gain SYSTEM privileges . We have confirmed Vulnerability-related.DiscoverVulnerability that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems . We have also confirmed Vulnerability-related.DiscoverVulnerability compatibility with 32-bit Windows 10 with minor modifications to the public exploit code . Compatibility with other Windows versions is possible with further modifications. ” At this point , Microsoft does not have a patch at the ready , but according to reports a fix will be coming Vulnerability-related.PatchVulnerability in the next batch of patch Tuesday updates . Because the exploit requires the local execution of code , it doesn ’ t necessarily warrant an out-of-band update . However , with proof of concept code readily available , it ’ s possible nefarious individuals could trick less savvy users into running the code and gain full access to their systems . As always , never execute any files from unknown or untrusted sources.The bug lies in the Windows Task Scheduler ’ s Advanced Local Procedure Call , or ALPC , interface . It allows a local user to gain system level privileges and have free reign over the system to do whatever they want , including overwriting / modifying system files . Will Dormann of CERT/CC verified Vulnerability-related.DiscoverVulnerability the original exploit code works on a fully patched Windows 10 x64 installation and later modified the code to work on 32-bit systems as well .