A Google security researcher who goes by the name Forshaw has taken the bold step of publishing a security vulnerability in Windows 8.1 that is still exploitable. Forshaw's defense is that he/she waited 90 days after first publication of the vulnerability before letting the world know how to exploit it, and so far, Microsoft has not patched the issue.
The post was made on Google's security research site, where it discloses the vulnerability and how to trigger the flaw. The vulnerability allows for an elevation of privilege in ahcache.sys/NtApphelpCacheControl, and there is a demo application that can launch calc.exe using the method.
Windows vulnerabilities are nothing new. With billions of users around the world using various versions of the platform, it is likely the most targeted piece of software on the planet because of the install base. But when these types of issues come up, the proper thing to do is to let Microsoft know of the issue so that they can fix the vulnerability.
The post does have a tag of MSRC-20544, which appears to be a Microsoft Security Response Center ID number, but there is no other evidence of what type of communication has occurred with Microsoft about the flaw. These types of issues are generally patched on the second Tuesday of every month, also known as Patch Tuesday.
You can check out the full details of the exploit from the source link below, but know that Larry Seltzer was able to successfully exploit the vulnerability by following the directions within the post. The exploit was only tested on Windows 8.1; it is not known if prior versions of Windows are impacted.
Now that this flaw is open for the world to see, Microsoft will need to act quickly before this flaw is exploited in the wild and impacts consumers.
[Update] Microsoft issued the following response to the vulnerability:
"We are working to release a security update to address an Elevation of Privilege issue. It is important to note that for a would-be attacker to potentially exploit a system, they would first need to have valid logon credentials and be able to log on locally to a targeted machine. We encourage customers to keep their anti-virus software up to date, install all available Security Updates and enable the firewall on their computer."
Source: Google Security