A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server.
BleepingComputer has tested the exploit and used it to open to command prompt with SYSTEM privileges from an account with only low-level ‘Standard’ privileges.
Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network.
The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022.