BlueHammer Windows Zero-Day Exploit Code Released by Disgruntled Researcher

Severity: High (Score: 66.0)

Sources: Cybersecuritynews, Gbhackers, Bleepingcomputer

Summary

A security researcher known as Chaotic Eclipse has publicly released exploit code for a Windows zero-day vulnerability named BlueHammer, which allows local privilege escalation (LPE) to SYSTEM-level access. The exploit was disclosed after the researcher expressed dissatisfaction with Microsoft's handling of the vulnerability through its Security Response Center. Will Dormann, a vulnerability analyst, confirmed that the exploit works and that it poses a significant risk even though it requires local access. The flaw combines a time-of-check to time-of-use (TOCTOU) issue with path confusion, enabling attackers to access the Security Account Manager (SAM) database. Currently, there is no patch available for this vulnerability, and the exploit code has been published on GitHub. The researcher indicated that the proof-of-concept code has bugs that may hinder its reliability. The situation highlights ongoing concerns regarding the security of Windows systems and the effectiveness of Microsoft's response processes.

Key Points

  • Chaotic Eclipse released the BlueHammer exploit code for a Windows zero-day vulnerability.
  • The exploit allows local privilege escalation to SYSTEM-level access, and no patch is available.
  • The researcher criticized Microsoft's handling of the vulnerability disclosure process.

Key Entities

  • Zero-day Exploit (attack_type)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • Windows (platform)
  • BlueHammer (vulnerability)