New Windows Zero-Day Grants Full Local Admin Access
It seems like there is a new local zero-day exploit on Windows almost every day. Today, for example, security researcher Sean Schulte of the Rook Security consultancy revealed a vulnerability that lets any user with standard privileges remotely open an administrator prompt on their operating system.
The current Windows 10, Windows 11 and Windows Server editions are vulnerable to a further admin privilege escalation triggered by pressing the Shift key five times. Someone who has already gained access to a system may end up with far more access than they bargained for.
Researcher Abdelhamid Naceri discovered the exploit and published it on GitHub. To verify this issue, we tested it with a Windows PC running Windows 10 21H1 build 19043.1348 and found that it only took a few seconds to gain SYSTEM privileges from a test account with “Standard” privileges.
You might wonder why he chose not to report the vulnerability to Microsoft first. His reason is that Microsoft's bounty payouts are significantly lower than what he was offered by BleepingComputer. “Microsoft bounties have been trashed since April 2020, I really wouldn’t do that if MSFT didn’t take the decision to downgrade those bounties,” explained Naceri.
As this is a local exploit, an attacker would need to access your computer in person. However, as mentioned, it only takes a few seconds to gain elevated access, so they would not need to hold the machine for long. This is something to be careful about, so make sure to check for and apply any patches as soon as Microsoft releases them.