Researchers from Trustwave’s SpiderLabs research team recently discovered a new zero-day exploit that affects all versions of Windows from Windows 2000 all the way up to Windows 10.
Trustwave initially discovered the exploit last month after seeing it advertised on a Russian hacking forum for the not-so-affordable price of $95,000. According to security researcher Brian Krebs, the exploit is of the “local privilege escalation” variety and, as a result, works in tandem with other exploits.
“An attacker may already have a reliable exploit that works remotely,” Krebs explains, “but the trouble is his exploit only succeeds if the current user is running Windows as an administrator. No problem: Chain that remote exploit with a local privilege escalation bug that can bump up the target’s account privileges to that of an admin, and your remote exploit can work its magic without hindrance.”