A new zero-day Local Privilege Escalation (LPE) attack has been listed for sale on a known hacker forum.

This exploit, which has yet to be granted a Common Vulnerabilities and Exposures (CVE) reference, is believed to allow unauthorized users to get elevated access on any Windows machine.

The asking price for this deadly instrument is a whopping $220K. It reflects both its possible harshness and the threat actor's confidence in its success.

Impact On Windows Users

The revelation of this vulnerability is especially concerning for Windows users. Windows users can be both individual and corporate. It is so because it has the potential to grant attackers higher-level access to a targeted machine.

This might result in a wide range of criminal behaviors. It may range from theft of information and surveillance to the spread of ransomware. In addition to this, it also involves other damaging malware.

Users are susceptible unless they have the proper fixes and precise instructions.

The exploit's ability to infect all Windows systems implies that no version of the operating system is safe. Apart from this,  the absence of a CVE reference indicates that there is no official acknowledgment or remedy available yet.

The actual technical details of the attack have not been made public. As a result, the type of Local Privilege Escalation flaws may provide some insight.

Usually, LPE exploits the usage of weaknesses in the operating system's security features. With the combination of these features, the operating systems become able to control user access.

As soon as an attacker exploits potential bugs, it allows him to elevate an ordinary user account. It is also possible for an attacker to promote the accounts of the users as per administrator's capabilities. As a result, it becomes easy to bring changes in the system settings, view secured information, and install apps.

The high price of the exploit demonstrates that it is not only reliable but also very challenging to recognize. Furthermore, you can not easily make it a useful weapon for cybercriminals.

One of the interesting things is that the flaw is wormable. It clearly means that you may use it to transmit malware over networks. For this, users need not participate. So, it contributes to expanding its threat exponentially.