Google Researcher Reveals Zero-Day Windows 8.1 Vulnerability

Google Researcher Reveals Zero-Day Windows 8.1 Vulnerability: A Google security researcher, ‘James Forshaw’ has discovered a privilege escalation vulnerability in Windows 8.1 that could allow a hacker to modify contents or even to take over victims’ computers completely, leaving millions of users vulnerable.

The researcher also provided a Proof of Concept (PoC) program for the vulnerability. Forshaw says that he has tested the PoC only on an updated Windows 8.1 and that it is unclear whether earlier versions, specifically Windows 7, are vulnerable.

Forshaw unearthed the bug in September 2014 and thereby notified on the Google Security Research mailing list about the bug on 30th September. Now, after 90 days disclosure deadline the vulnerability and Proof of Concept program was made public on Wednesday.

The vulnerability resides in the function AhcVerifyAdminContext, an internal function and not a public API which actually checks whether the user is an administrator.