ALPC Task Scheduler 0-Day

ALPC Task Scheduler 0-Day

Adam Nichols

On Monday (August 27, 2018) a Local Privilege Escalation (LPE) 0-day was released which reportedly affects Windows 10 and Server 2016, at a minimum.  We investigated this to understand the vulnerability, the current Proof of Concept (PoC) exploit, and wanted to write it up in terms which explain the actual risk to organizations.

A Three-Step Approach to Threats: What All Organizations Should Know (but Equifax Doesn’t)

A Three-Step Approach to Threats: What All Organizations Should Know (but Equifax Doesn’t)

Bryson Bort
Within the context of historical cyber breaches, this can be classified as a massive attack: Equifax, one of the “big three” credit-rating agencies, announced earlier this month thathackers gained access to the Social Security numbers, credit card data, driver’s licenses, home addresses and other personally identifiable information (PII) of up to 143 million Americans. Some two-dozen class-action lawsuits (and counting?) followed, along with stinging criticism from consumer groups and congressional leaders.