A hacker going by the handle BuggiCorp is selling a zero-day vulnerability affecting all Windows OS versions and that can allow an attacker to elevate privileges for software processes to the highest level available in Windows, known as SYSTEM.
Security firm Trustawave discovered the bug this past May, advertised on a Russian underground hacking forum for $90,000. The forum post's latest update was on May 23, and the initial price was of $95,000.
Zero-day affects all OS versions, over 1.5 billion users
BuggiCorp also posted two YouTube videos of the zero-day in action, one escalating the privileges of an application in Window 10 with the latest May 2016 security patch installed, and another video showing his exploit bypass all security features included in Microsoft's newest version of the EMET toolkit.
The crook wants payment in Bitcoin and is willing to provide escrow via the forum's administrator if needed.
