Threat actor ‘vulns-rock‘ advertised new 0-day local privilege escalation exploit for several Windows versions in xss.is forum.
LPE is a type of vulnerability in Windows that allows an attacker to gain elevated privileges on a system. According to the advertisement, this LPE exploits that is developed in C++ language supports both x32 and x64 bit systems and allows attacker raising privilege from medium to system.
The exploit can be used in the OSs below;
Windows 11
Windows 10
Windows 8.1
Windows 8
Windows Server 2012
Windows Server 2019
Windows Server 2016
Windows Server 2012
XSS.is is an open registration Russian-language forum. Visitors can access the forum’s open sections and aspiring members are able to register to the forum for free. For registration, users are required to provide a username, a password, a valid email address, and answer a security-related question to demonstrate their technical proficiency.