A cybersecurity researcher identified an undisclosed flaw in Windows and reported it to the Microsoft Security Response Center. Because the company did not respond promptly, an exploit for the issue is now publicly available, reportedly written by the same person who found the bug.
According to coverage from BleepingComputer, Microsoft has acknowledged this zero-day issue but has not issued a fix yet. Dubbed 'BlueHammer,' the flaw reportedly enables malicious actors to seize complete control over a Windows machine.
Experts view the risk as significant. The defect combines a 'time-of-check to time-of-use' (TOCTOU) weakness with an improperly set file path. It exploits a situation in which a file passes an initial check but its state changes before it is actually used, leaving a brief window in which the security check can be bypassed.
This technique lets an intruder move between different privilege levels on the system and escalate their permissions. Ultimately it allows the capture of credentials for user accounts on the local machine and complete control over the device.
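The check-then-use pattern described above is a general class of bug, not something unique to this flaw. The following is an added, constructed illustration (not code from the article, the researcher, or Microsoft) of why a path-based check is racy and how opening once and validating the descriptor closes the window. It is POSIX-only (it relies on `O_NOFOLLOW` and symlinks) and the callback injected between check and use is a stand-in for the race window, not a model of any Windows API or of the BlueHammer exploit.

```python
"""Time-of-check to time-of-use on a file path: the racy pattern next to a
hardened one.

Constructed, POSIX-only demonstration. A callback injected between the
check and the use stands in for the race window; it does not model the
BlueHammer flaw or any Windows API.
"""
import os
import stat
import tempfile


def racy_read(path, in_race_window=lambda: None):
    """Vulnerable: decide from the path, then open the path again.

    open() re-resolves the name, so the object it reaches can differ from
    the one lstat() examined a moment earlier.
    """
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):          # check: refuse symlinks, devices, ...
        raise PermissionError("not a regular file")
    in_race_window()                           # the window an attacker would race
    with open(path, "rb") as f:                # use: resolves the name afresh
        return f.read()


def hardened_read(path, in_race_window=lambda: None):
    """Hardened: open once without following symlinks, then inspect the
    descriptor with fstat(). Check and use now refer to the same object,
    so swapping the path in between cannot change what is read."""
    in_race_window()                           # may happen at any time; it no longer matters
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    except OSError as e:                       # ELOOP: final path component is a symlink
        raise PermissionError(f"refused to open {path!r}: {e.strerror}") from None
    try:
        st = os.fstat(fd)                      # properties of the object actually opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("opened object is not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError("opened file is not owned by this user")
        chunks = []
        while True:
            block = os.read(fd, 65536)
            if not block:
                return b"".join(chunks)
            chunks.append(block)
    finally:
        os.close(fd)


def demo():
    """Create a harmless file and a 'secret' file (both constructed), then
    replace the harmless path with a symlink to the secret inside the race
    window. Returns what each reader produced."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"constructed secret")
        path = os.path.join(d, "harmless.txt")

        def swap():
            os.remove(path)                    # remove the checked file ...
            os.symlink(secret, path)           # ... and point the same name elsewhere

        results = {}
        for name, reader in (("racy", racy_read), ("hardened", hardened_read)):
            if os.path.lexists(path):          # reset without following a leftover link
                os.remove(path)
            with open(path, "wb") as f:
                f.write(b"harmless")
            try:
                results[name] = reader(path, swap)
            except PermissionError as e:
                results[name] = f"refused: {e}"
        return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the racy reader returning the contents of the secret file while the hardened reader refuses, because `O_NOFOLLOW` stops the symlink at open time and `fstat` validates the descriptor that was actually opened rather than a name that may have been redirected.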
That said, executing the exploit end to end remains intricate and does not succeed reliably in every instance. The discoverer deliberately introduced errors into the released code to make it harder for threat actors to adopt directly. Even so, the underlying vulnerability poses a serious hazard that demands attention.
In comments to BleepingComputer, a Microsoft spokesperson stated: 'Microsoft is committed to reviewing security reports from customers and applying updates to affected systems swiftly to safeguard users. We endorse coordinated vulnerability disclosure, an established protocol in the field that promotes thorough examination and resolution prior to any public reveal, benefiting both end-users and the research ecosystem.'
Yet, the release in question deviated sharply from coordinated norms, with the finder proceeding independently amid apparent dissatisfaction with Microsoft's handling of the matter.