Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

BleepingComputer technology

Key Points:

  • A frustrated security researcher has publicly disclosed BlueHammer, a new unpatched Windows privilege escalation vulnerability, after Microsoft did not issue a patch. The flaw allows attackers to gain SYSTEM or elevated administrator permissions.
  • The exploit combines a time-of-check to time-of-use (TOCTOU) bug and path confusion to access the Security Account Manager (SAM) database, enabling attackers to escalate privileges and potentially take full control of affected systems.
  • Although the exploit requires local access and contains bugs that limit reliability, it poses a significant risk since local access can be obtained via social engineering, other vulnerabilities, or credential theft.
  • Microsoft has not yet responded or released a fix for the flaw, which is considered a zero-day vulnerability, and the researcher criticized Microsoft’s Security Response Center for its handling of the disclosure process.
  • Security experts confirm the exploit works on Windows client platforms but is less effective on Windows Server, where it only elevates privileges to an administrator level that requires user authorization.
